The example code is wrong (at least as of 4.2.0). The recipcerts parameter is either the actual text of the base64 encoded key file, or it must be a filename in "file://..." format. A normal path will not work (OpenSSL tries to use the path as the actual certificate). The above code works as:
<?php
// the message you want to encrypt and send to your secret agent
// in the field, known as nighthawk. You have his certificate
// in the file nighthawk.pem
$data = <<<EOD
Nighthawk,
Top secret, for your eyes only!
The enemy is closing in! Meet me at the cafe at 8.30am
to collect your forged passport!
HQ
EOD;
// load key
$key = implode("", file("my.pem"));
// save message to file
$fp = fopen("msg.txt", "w");
fwrite($fp, $data);
fclose($fp);
// encrypt it
if (openssl_pkcs7_encrypt("msg.txt", "enc.txt", $key,
array("To" => "[email protected]", // keyed syntax
"From: HQ <[email protected]>", // indexed syntax
"Subject" => "Eyes only")))
{
// message encrypted - send it!
exec(ini_get("sendmail_path") . " < enc.txt");
}
?>
[You can also pass an array of recipcerts values, but I haven't used that so I don't know what it's expecting.]